GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
537 advisories
Filter by severity
Privilege escalation vulnerability in Apache Hadoop
High
CVE-2018-8029
was published
for
org.apache.hadoop:hadoop-main
(Maven)
May 31, 2019
Authentication Bypass For Endpoints With Anonymous Access in Opencast
Critical
CVE-2020-5206
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Users with ROLE_COURSE_ADMIN can create new users in Opencast
Moderate
CVE-2020-5231
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
2FA bypass through deleting devices in wagtail-2fa
High
CVE-2020-5240
was published
for
wagtail-2fa
(pip)
Mar 13, 2020
Information disclosure in parse-server
High
CVE-2020-5251
was published
for
parse-server
(npm)
Mar 4, 2020
Read permissions not enforced for client provided filter expressions in Elide.
High
CVE-2020-5289
was published
for
com.yahoo.elide:elide-core
(Maven)
Mar 30, 2020
Improper Authorization in googleapis
High
GHSA-7543-mr7h-6v86
was published
for
googleapis
(npm)
Sep 2, 2020
Improper Authentication in Keycloak
High
CVE-2018-14637
was published
for
org.keycloak:keycloak-core
(Maven)
Dec 21, 2018
Improper Authorization in react-oauth-flow
Critical
GHSA-65m9-m259-7jqw
was published
for
react-oauth-flow
(npm)
Sep 3, 2020
Improper Authorization in @sap-cloud-sdk/core
High
GHSA-r2vw-jgq9-jqx2
was published
for
@sap-cloud-sdk/core
(npm)
Sep 3, 2020
Improper Authorization in loopback
High
GHSA-8wgc-jjvv-cv6v
was published
for
loopback
(npm)
Sep 2, 2020
Authorization Bypass in graphql-shield
Low
GHSA-hx78-272p-mqqh
was published
for
graphql-shield
(npm)
Sep 3, 2020
Improper Authorization in passport-cognito
Critical
CVE-2019-19723
was published
for
passport-cognito
(npm)
Sep 4, 2020
Arbitrary Code Execution
High
CVE-2014-9357
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Access Restriction Bypass in Docker
Moderate
CVE-2014-6408
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client`
Low
GHSA-prqf-xr2j-xf65
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Aug 23, 2021
Improper Authorization in org.apache.hbase:hbase
High
CVE-2019-0212
was published
for
org.apache.hbase:hbase
(Maven)
Apr 2, 2019
Improper Authorization in grumpydictator/firefly-iii
Moderate
CVE-2023-0298
was published
for
grumpydictator/firefly-iii
(Composer)
Jan 14, 2023
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper...
Moderate
Unreviewed
CVE-2021-21096
was published
May 24, 2022
Improper Authorization in Jenkins
Moderate
CVE-2018-1000408
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Authorization in Apache Xalan-Java
High
CVE-2014-0107
was published
for
xalan:xalan
(Maven)
May 13, 2022
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to...
High
Unreviewed
CVE-2021-24739
was published
Dec 22, 2021
Improper Authorization in Undertoe
High
CVE-2020-1745
was published
for
io.undertow:undertow-core
(Maven)
May 24, 2022
XWiki Platform Improper Authorization check for inactive users
High
CVE-2022-36090
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 16, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the...
High
Unreviewed
CVE-2021-24193
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API